CVE-2011-1154
Publication date 30 March 2011
Last updated 24 July 2024
Ubuntu priority
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
Status
Package | Ubuntu Release | Status |
---|---|---|
logrotate | ||
Notes
Patch details
Package | Patch details |
---|---|
logrotate |
References
Related Ubuntu Security Notices (USN)
- USN-1172-1
- logrotate vulnerabilities
- 21 July 2011